docker macvlan - 没有到主机的路由(容器)
[英]docker macvlan - no route to host (container)
问题描述
Im trying to understand the "macvlan" network from docker.
我试图从 docker 了解“macvlan”网络。 I create a new network:我创建了一个新网络:
docker network create -d macvlan \
--subnet=192.168.2.0/24 \
--gateway=192.168.2.1 \
-o parent=eno1 \
pub_net
And start new container with the new network:并使用新网络启动新容器:
docker run --rm -d --net=pub_net --ip=192.168.2.74 --name=whoami -t jwilder/whoami
When i try to access the service from the container or ping it i get:当我尝试从容器访问服务或 ping 它时,我得到:
curl: (7) Failed to connect to 192.168.2.74 port 8000: no route to host
Tested with Ubuntu 16.04, Ubuntu 18.04 & CentOS 7. Neither from the docker host itself or other clients on the network can reach the container. Tested with Ubuntu 16.04, Ubuntu 18.04 & CentOS 7. Neither from the docker host itself or other clients on the network can reach the container.
I followed the example fromt he docker site: https://docs.docker.com/network/network-tutorial-macvlan/#bridge-example我遵循了 docker 站点的示例: https://docs.docker.com/network/network-tutorial-macvlan/#bridge-example
What im missing?我缺少什么?
I read here Bind address in Docker macvlan to execute these commands (no clue what they do):我在这里阅读了 Docker macvlan 中的绑定地址来执行这些命令(不知道它们做了什么):
sudo ip link add pub_net link eno1 type macvlan mode bridge
sudo ip addr add 192.168.2.22/24 dev pub_net
But this does nothing on my machine(s)但这在我的机器上没有任何作用
1 个解决方案
解决方案1
2 已采纳 2020-09-09 07:35:35
I believe it is by design that host cannot reach its own containers through a macvlan network.我相信主机无法通过 macvlan 网络访问自己的容器是设计使然。 I leave it to others to explain why exactly this is so, but to verify that this is where your problem lies, you can try to ping your container at 192.168.2.74 from another host on the network or even from another container or vm on the same host.我把它留给其他人来解释为什么会这样,但要验证这是你的问题所在,你可以尝试从网络上的另一个主机,甚至从另一个容器或虚拟机上的192.168.2.74 ping 你的容器同一个主机。 If you can reach the container from other machines but not from the host, everything is working as it should.如果您可以从其他机器但不能从主机访问容器,则一切正常。
According to this blog post , you can nevertheless allow for host-container communication by creating a macvlan interface on the host sub -interface and then create a macvlan interface in host in order to let it access the macvlan that the container is in.根据this blog post ,您仍然可以通过在主机子接口上创建一个macvlan接口来允许主机容器通信,然后在主机中创建一个macvlan接口,以便让它访问容器所在的macvlan。
I have not tried this myself yet and I'm not sure about the exact consequences, so I quote the instructions from the blog post here so that others can add to it where necessary:我自己还没有尝试过,我不确定确切的后果,所以我在这里引用博客文章中的说明,以便其他人可以在必要时添加:
Create a macvlan interface on host sub-interface:
docker network create -d macvlan \ –subnet=192.168.0.0/16 \ –ip-range=192.168.2.0/24 \ -o macvlan_mode=bridge \ -o parent=eth2.70 macvlan70Create container on that macvlan interface:
docker run -d –net=macvlan70 –name nginx nginxFind ip address of Container:
docker inspect nginx | grep IPAddress “SecondaryIPAddresses”: null, “IPAddress”: “”, “IPAddress”: “192.168.2.1”,At this point, we cannot ping container IP “192.168.2.1” from host machine.
Now, let's create macvlan interface in host with address “192.168.2.10” in same network.
sudo ip link add mymacvlan70 link eth2.70 type macvlan mode bridge sudo ip addr add 192.168.2.10/24 dev mymacvlan70 sudo ifconfig mymacvlan70 upNow, we should be able to ping the Container IP as well as access “nginx” container from host machine.
$ ping -c1 192.168.2.1 PING 192.168.2.1 (192.168.2.1): 56 data bytes 64 bytes from 192.168.2.1: seq=0 ttl=64 time=0.112 ms — 192.168.2.1 ping statistics — 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 0.112/0.112/0.112 ms
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.